| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2010-09-21 | * separate out post fw hooks for IN, FWD, OUT. Use count_iptables_rule from lib | Mohit Mehta | |
| 2010-08-31 | Fix 6125: iptables errors on boot up of mendocino | Stig Thormodsrud | |
| Shorten chain from VYATTA_PRE_CT_PREROUTING_HOOK to VYATTA_CT_PREROUTING_HOOK | |||
| 2010-06-10 | Infrastruction needed for bug 5583. | Stig Thormodsrud | |
| 2010-05-17 | Fix Bug 5588 Add ability to modify conntrack expectation table size | Mohit Mehta | |
| * added 'firewall conntrack-expect-table-size' to modify expect table's size * added 'firewall conntrack-hash-size' to set hash size for conntrack table | |||
| 2010-04-09 | Add VYATTA_PRE_DNAT_HOOK in nat PREROUTING table. | Stig Thormodsrud | |
| 2009-09-22 | Bugfix 4951: Don't fail if IPv6 kernel module is not loaded. | Bob Gilligan | |
| Handle the case where the IPv6 kernel module is not loaded more gracefully. | |||
| 2009-05-27 | explicitly set conntrack table size to 16384 on system boot | Mohit Mehta | |
| 2009-05-08 | Bugfix 4340: Enable net.netfilter.nf_conntrack_tcp_be_liberal by default. | Bob Gilligan | |
| The parameter in question loosens the "acceptability" check on TCP sequence and ACK numbers in the TCP conntrack module. This allows connection tracking to survive certain cases where packet loss would cause it to loose sync with the TCP endpoints. | |||
| 2009-04-13 | Add conntrack and post firewall hooks for IPv6. | Bob Gilligan | |
| 2009-03-12 | Doing strict ES won't work for router | Stephen Hemminger | |
| Need a different kind of filter to fix 4061. (Not sure if it is even possible as firewall rule since it depends on quagga config rules). | |||
| 2009-03-12 | Don't use -P | Stephen Hemminger | |
| Changing default property of rules screws up other things | |||
| 2009-03-12 | Enable strict host matching | Stephen Hemminger | |
| Bug 4061 Host (INPUT) chain will only accept packets where destination address matches address on incoming interface. | |||
| 2008-08-21 | fix for bug 3622: add pre-SNAT hook | An-Cheng Huang | |
| 2008-04-08 | add post-firewall hook for other features | An-Cheng Huang | |
| 2008-03-10 | update from VPL1 to GPLv2 | Stephen Hemminger | |
| 2007-12-10 | Update vyatta-cfg-firewall package. | Bob Gilligan | |
 |
index : vyatta-cfg-firewall.git | |
| Configuration templates and scripts for the firewall subsystem. (mirror of https://github.com/vyos/vyatta-cfg-firewall.git) |
| summaryrefslogtreecommitdiff |